Merge pull request #100 from mfojtik/collect-image-registry

Bug 1832232: Gather image registry config

Author: openshift-merge-robot

docs/gathered-data.md

@@ -44,6 +44,13 @@ Location in archive: config/id/
 See: docs/insights-archive-sample/config/id
 
 
+## ClusterImageRegistry
+
+fetches the cluster Image Registry configuration
+
+Location in archive: config/imageregistry/
+
+
 ## ClusterInfrastructure
 
 fetches the cluster Infrastructure - the Infrastructure with name cluster.

manifests/03-clusterrole.yaml

@@ -95,6 +95,14 @@ rules:
     - events
   verbs:
     - list
+- apiGroups:
+    - imageregistry.operator.openshift.io
+  resources:
+    - configs
+  verbs:
+    - get
+    - list
+    - watch
 - apiGroups:
   - ""
   resources:

pkg/controller/operator.go

@@ -18,6 +18,8 @@ import (
 	configv1client "github.com/openshift/client-go/config/clientset/versioned/typed/config/v1"
 	"github.com/openshift/library-go/pkg/controller/controllercmd"
 
+	imageregistryv1client "github.com/openshift/client-go/imageregistry/clientset/versioned"
+
 	"github.com/openshift/insights-operator/pkg/authorizer/clusterauthorizer"
 	"github.com/openshift/insights-operator/pkg/config"
 	"github.com/openshift/insights-operator/pkg/config/configobserver"
@@ -107,6 +109,11 @@ func (s *Support) Run(ctx context.Context, controller *controllercmd.ControllerC
 		return err
 	}
 
+	registryClient, err := imageregistryv1client.NewForConfig(gatherKubeConfig)
+	if err != nil {
+		return err
+	}
+
 	// ensure the insight snapshot directory exists
 	if _, err := os.Stat(s.StoragePath); err != nil && os.IsNotExist(err) {
 		if err := os.MkdirAll(s.StoragePath, 0777); err != nil {
@@ -129,7 +136,7 @@ func (s *Support) Run(ctx context.Context, controller *controllercmd.ControllerC
 
 	// the gatherers periodically check the state of the cluster and report any
 	// config to the recorder
-	configPeriodic := clusterconfig.New(gatherConfigClient, gatherKubeClient.CoreV1(), gatherKubeClient.CertificatesV1beta1(), metricsClient)
+	configPeriodic := clusterconfig.New(gatherConfigClient, gatherKubeClient.CoreV1(), gatherKubeClient.CertificatesV1beta1(), metricsClient, registryClient.ImageregistryV1())
 	periodic := periodic.New(configObserver, recorder, map[string]gather.Interface{
 		"config": configPeriodic,
 	})

pkg/gather/clusterconfig/clusterconfig.go

@@ -2,61 +2,75 @@ package clusterconfig
 
 import (
 	"context"
+	"encoding/base64"
+	"encoding/pem"
 	"fmt"
 	"regexp"
 	"sort"
 	"strings"
 	"sync"
 	"time"
 
-	configv1 "github.com/openshift/api/config/v1"
-	"github.com/openshift/client-go/config/clientset/versioned/scheme"
-	configv1client "github.com/openshift/client-go/config/clientset/versioned/typed/config/v1"
-	certificatesv1beta1 "k8s.io/client-go/kubernetes/typed/certificates/v1beta1"
-
-	"encoding/base64"
-	"encoding/pem"
-
 	corev1 "k8s.io/api/core/v1"
 	"k8s.io/apimachinery/pkg/api/errors"
 	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
 	"k8s.io/apimachinery/pkg/runtime"
+	"k8s.io/apimachinery/pkg/runtime/serializer"
 	"k8s.io/apimachinery/pkg/util/json"
+	utilruntime "k8s.io/apimachinery/pkg/util/runtime"
 	"k8s.io/apimachinery/pkg/util/sets"
 	kubescheme "k8s.io/client-go/kubernetes/scheme"
+	certificatesv1beta1 "k8s.io/client-go/kubernetes/typed/certificates/v1beta1"
 	corev1client "k8s.io/client-go/kubernetes/typed/core/v1"
 	"k8s.io/client-go/rest"
 	"k8s.io/klog"
 
+	configv1 "github.com/openshift/api/config/v1"
+	registryv1 "github.com/openshift/api/imageregistry/v1"
+	openshiftscheme "github.com/openshift/client-go/config/clientset/versioned/scheme"
+	configv1client "github.com/openshift/client-go/config/clientset/versioned/typed/config/v1"
+	imageregistryv1 "github.com/openshift/client-go/imageregistry/clientset/versioned/typed/imageregistry/v1"
+
 	"github.com/openshift/insights-operator/pkg/record"
 )
 
 var (
-	serializer     = scheme.Codecs.LegacyCodec(configv1.SchemeGroupVersion)
-	kubeSerializer = kubescheme.Codecs.LegacyCodec(corev1.SchemeGroupVersion)
+	openshiftSerializer = openshiftscheme.Codecs.LegacyCodec(configv1.SchemeGroupVersion)
+	kubeSerializer      = kubescheme.Codecs.LegacyCodec(corev1.SchemeGroupVersion)
 
 	// maxEventTimeInterval represents the "only keep events that are maximum 1h old"
 	// TODO: make this dynamic like the reporting window based on configured interval
 	maxEventTimeInterval = 1 * time.Hour
+
+	registrySerializer serializer.CodecFactory
+	registryScheme     = runtime.NewScheme()
 )
 
+func init() {
+	utilruntime.Must(registryv1.AddToScheme(registryScheme))
+	registrySerializer = serializer.NewCodecFactory(registryScheme)
+}
+
 // Gatherer is a driving instance invoking collection of data
 type Gatherer struct {
-	client        configv1client.ConfigV1Interface
-	coreClient    corev1client.CoreV1Interface
-	metricsClient rest.Interface
-	certClient    certificatesv1beta1.CertificatesV1beta1Interface
-	lock          sync.Mutex
-	lastVersion   *configv1.ClusterVersion
+	client         configv1client.ConfigV1Interface
+	coreClient     corev1client.CoreV1Interface
+	metricsClient  rest.Interface
+	certClient     certificatesv1beta1.CertificatesV1beta1Interface
+	registryClient imageregistryv1.ImageregistryV1Interface
+	lock           sync.Mutex
+	lastVersion    *configv1.ClusterVersion
 }
 
 // New creates new Gatherer
-func New(client configv1client.ConfigV1Interface, coreClient corev1client.CoreV1Interface, certClient certificatesv1beta1.CertificatesV1beta1Interface, metricsClient rest.Interface) *Gatherer {
+func New(client configv1client.ConfigV1Interface, coreClient corev1client.CoreV1Interface, certClient certificatesv1beta1.CertificatesV1beta1Interface, metricsClient rest.Interface,
+	registryClient imageregistryv1.ImageregistryV1Interface) *Gatherer {
 	return &Gatherer{
-		client:        client,
-		coreClient:    coreClient,
-		certClient:    certClient,
-		metricsClient: metricsClient,
+		client:         client,
+		coreClient:     coreClient,
+		certClient:     certClient,
+		metricsClient:  metricsClient,
+		registryClient: registryClient,
 	}
 }
 
@@ -74,6 +88,7 @@ func (i *Gatherer) Gather(ctx context.Context, recorder record.Interface) error
 		GatherClusterInfrastructure(i),
 		GatherClusterNetwork(i),
 		GatherClusterAuthentication(i),
+		GatherClusterImageRegistry(i),
 		GatherClusterFeatureGates(i),
 		GatherClusterOAuth(i),
 		GatherClusterIngress(i),
@@ -329,6 +344,22 @@ func GatherClusterAuthentication(i *Gatherer) func() ([]record.Record, []error)
 	}
 }
 
+// GatherClusterImageRegistry fetches the cluster Image Registry configuration
+//
+// Location in archive: config/imageregistry/
+func GatherClusterImageRegistry(i *Gatherer) func() ([]record.Record, []error) {
+	return func() ([]record.Record, []error) {
+		config, err := i.registryClient.Configs().Get("cluster", metav1.GetOptions{})
+		if errors.IsNotFound(err) {
+			return nil, nil
+		}
+		if err != nil {
+			return nil, []error{err}
+		}
+		return []record.Record{{Name: "config/imageregistry", Item: ImageRegistryAnonymizer{config}}}, nil
+	}
+}
+
 // GatherClusterFeatureGates fetches the cluster FeatureGate - the FeatureGate with name cluster.
 //
 // The Kubernetes api https://github.com/openshift/client-go/blob/master/config/clientset/versioned/typed/config/v1/featuregate.go#L50
@@ -490,17 +521,17 @@ func (r Raw) Marshal(_ context.Context) ([]byte, error) {
 // Anonymizer returns serialized runtime.Object without change
 type Anonymizer struct{ runtime.Object }
 
-// Marshal serializes with OpenShift client-go serializer
+// Marshal serializes with OpenShift client-go openshiftSerializer
 func (a Anonymizer) Marshal(_ context.Context) ([]byte, error) {
-	return runtime.Encode(serializer, a.Object)
+	return runtime.Encode(openshiftSerializer, a.Object)
 }
 
 // InfrastructureAnonymizer anonymizes infrastructure
 type InfrastructureAnonymizer struct{ *configv1.Infrastructure }
 
 // Marshal serializes Infrastructure with anonymization
 func (a InfrastructureAnonymizer) Marshal(_ context.Context) ([]byte, error) {
-	return runtime.Encode(serializer, anonymizeInfrastructure(a.Infrastructure))
+	return runtime.Encode(openshiftSerializer, anonymizeInfrastructure(a.Infrastructure))
 }
 
 func anonymizeInfrastructure(config *configv1.Infrastructure) *configv1.Infrastructure {
@@ -517,15 +548,50 @@ type ClusterVersionAnonymizer struct{ *configv1.ClusterVersion }
 // Marshal serializes ClusterVersion with anonymization
 func (a ClusterVersionAnonymizer) Marshal(_ context.Context) ([]byte, error) {
 	a.ClusterVersion.Spec.Upstream = configv1.URL(anonymizeURL(string(a.ClusterVersion.Spec.Upstream)))
-	return runtime.Encode(serializer, a.ClusterVersion)
+	return runtime.Encode(openshiftSerializer, a.ClusterVersion)
 }
 
 // FeatureGateAnonymizer implements serializaton of FeatureGate with anonymization
 type FeatureGateAnonymizer struct{ *configv1.FeatureGate }
 
 // Marshal serializes FeatureGate with anonymization
 func (a FeatureGateAnonymizer) Marshal(_ context.Context) ([]byte, error) {
-	return runtime.Encode(serializer, a.FeatureGate)
+	return runtime.Encode(openshiftSerializer, a.FeatureGate)
+}
+
+// IngressAnonymizer implements serialization with marshalling
+type ImageRegistryAnonymizer struct {
+	*registryv1.Config
+}
+
+// Marshal implements serialization of Ingres.Spec.Domain with anonymization
+func (a ImageRegistryAnonymizer) Marshal(_ context.Context) ([]byte, error) {
+	a.Spec.HTTPSecret = anonymizeString(a.Spec.HTTPSecret)
+	if a.Spec.Storage.S3 != nil {
+		a.Spec.Storage.S3.Bucket = anonymizeString(a.Spec.Storage.S3.Bucket)
+		a.Spec.Storage.S3.KeyID = anonymizeString(a.Spec.Storage.S3.KeyID)
+		a.Spec.Storage.S3.RegionEndpoint = anonymizeString(a.Spec.Storage.S3.RegionEndpoint)
+		a.Spec.Storage.S3.Region = anonymizeString(a.Spec.Storage.S3.Region)
+	}
+	if a.Spec.Storage.Azure != nil {
+		a.Spec.Storage.Azure.AccountName = anonymizeString(a.Spec.Storage.Azure.AccountName)
+		a.Spec.Storage.Azure.Container = anonymizeString(a.Spec.Storage.Azure.Container)
+	}
+	if a.Spec.Storage.GCS != nil {
+		a.Spec.Storage.GCS.Bucket = anonymizeString(a.Spec.Storage.GCS.Bucket)
+		a.Spec.Storage.GCS.ProjectID = anonymizeString(a.Spec.Storage.GCS.ProjectID)
+		a.Spec.Storage.GCS.KeyID = anonymizeString(a.Spec.Storage.GCS.KeyID)
+	}
+	if a.Spec.Storage.Swift != nil {
+		a.Spec.Storage.Swift.AuthURL = anonymizeString(a.Spec.Storage.Swift.AuthURL)
+		a.Spec.Storage.Swift.Container = anonymizeString(a.Spec.Storage.Swift.Container)
+		a.Spec.Storage.Swift.Domain = anonymizeString(a.Spec.Storage.Swift.Domain)
+		a.Spec.Storage.Swift.DomainID = anonymizeString(a.Spec.Storage.Swift.DomainID)
+		a.Spec.Storage.Swift.Tenant = anonymizeString(a.Spec.Storage.Swift.Tenant)
+		a.Spec.Storage.Swift.TenantID = anonymizeString(a.Spec.Storage.Swift.TenantID)
+		a.Spec.Storage.Swift.RegionName = anonymizeString(a.Spec.Storage.Swift.RegionName)
+	}
+	return runtime.Encode(registrySerializer.LegacyCodec(registryv1.SchemeGroupVersion), a.Config)
 }
 
 // IngressAnonymizer implements serialization with marshalling
@@ -534,7 +600,7 @@ type IngressAnonymizer struct{ *configv1.Ingress }
 // Marshal implements serialization of Ingres.Spec.Domain with anonymization
 func (a IngressAnonymizer) Marshal(_ context.Context) ([]byte, error) {
 	a.Ingress.Spec.Domain = anonymizeURL(a.Ingress.Spec.Domain)
-	return runtime.Encode(serializer, a.Ingress)
+	return runtime.Encode(openshiftSerializer, a.Ingress)
 }
 
 // CompactedEvent holds one Namespace Event
@@ -570,7 +636,7 @@ func (a ProxyAnonymizer) Marshal(_ context.Context) ([]byte, error) {
 	a.Proxy.Status.HTTPProxy = anonymizeURLCSV(a.Proxy.Status.HTTPProxy)
 	a.Proxy.Status.HTTPSProxy = anonymizeURLCSV(a.Proxy.Status.HTTPSProxy)
 	a.Proxy.Status.NoProxy = anonymizeURLCSV(a.Proxy.Status.NoProxy)
-	return runtime.Encode(serializer, a.Proxy)
+	return runtime.Encode(openshiftSerializer, a.Proxy)
 }
 
 func anonymizeURLCSV(s string) string {
@@ -596,7 +662,7 @@ type ClusterOperatorAnonymizer struct{ *configv1.ClusterOperator }
 
 // Marshal serializes ClusterOperator
 func (a ClusterOperatorAnonymizer) Marshal(_ context.Context) ([]byte, error) {
-	return runtime.Encode(serializer, a.ClusterOperator)
+	return runtime.Encode(openshiftSerializer, a.ClusterOperator)
 }
 
 func isHealthyOperator(operator *configv1.ClusterOperator) bool {